10 Chrome extensions that enhance online security

Google Chrome is known for being secure. But you can improve both online security and functionality with the help of these third-party extensions.

Chrome is my Web browser of choice. Why? It arguably is the most secure Web browser currently available. Still, I'm a firm believer that you can't have too much security. So when third-party developers create extensions that enhance security, I pay attention. Here are some you may want to have a look at.

Note: This article is also available for download as a PDF and PowerPoint presentation.

1: AdBlock

Some may not consider AdBlock a security extension. But I would not surf without it. By blocking ads, AdBlock removes a relatively new attack vector. The bad guys are using what is called Malware Ad Injections to successfully infiltrate accredited Web sites like the New York Times. AdBlock prevents that.

2: Bug Me Not

Bug Me Not is a unique extension. Its purpose is to thwart advertising spam from Web sites that require registering. If a Web site requests information, activate the extension. It will check Bug Me Not.com's database. If registration information is available, Bug Me Not will populate the form, allowing you to continue, yet remain anonymous.

3: FlashBlock

Vulnerabilities in Flash are becoming popular targets for the criminal element. FlashBlock helps by initially blocking all Flash content on a Web page. You then choose to activate individual elements or all Flash content on the page. FlashBlock remembers your decisions, building a whitelist of trusted sites.

4: LastPass

LastPass is an online password manager and form filler. Because it is online, passwords and personal information can be synced across multiple computers. To accomplish that, all transferred data is first encrypted locally, then uploaded to LastPass servers. You can read about other helpful features in my review of LastPass.

5: RoboForm Online

RoboForm Online is another password manager and form filler I want to mention, as LastPass may not be for everyone. TechRepublic writer Tom Olzak wrote a nice review describing all of the available features. It is similar to LastPass in that passwords are encrypted locally, then uploaded to RoboForm servers.

7: SiteAdvisor

SiteAdvisor is a service that reports on the safety of Web sites. I mentioned it when writing about phishing Web sites. The SiteAdvisor icon (located right of the address bar) advertises the Web site's rating. You also have the option of not allowing suspicious Web sites to load.

8: Unencrypted Password Warning

Unencrypted Password Warning does exactly what its name says. It also displays a warning if credit card numbers are sent in the clear. This extension is helpful for users who aren't familiar with HTTPS and what it means. If there is a problem, it opens a window and explains what's wrong.

9: WOT

Web of Trust (WOT) is another extension that rates the trustworthiness of Web sites. I wanted to include both WOT and SiteAdvisor, as they have differences. Unlike SiteAdvisor, WOT rates search results, which is a nice feature. You have an idea before you proceed to the Web site.

10: Xmarks Bookmarks Sync

Xmarks Bookmarks Sync is not necessarily a security extension, nor is it needed if you use Chrome exclusively. But if you run multiple Web browsers, including Chrome, Firefox, Safari, and Internet Explorer, on different computers, Xmarks will make your life a whole lot easier. It automatically syncs your bookmarks everywhere. A more detailed explanation of the extension is available on the Xmarks site.

Final thoughts

Many of these extensions are just being ported to Chrome and may have issues. So you need to be careful, as the bad guys are focused on extension vulnerabilities.

One final note: LastPass is my favorite extension for many reasons. A new one has just cropped up. You may have heard about tabnapping. Password managers like LastPass remove the problem. The login information is associated only with the correct Web site address.

About Michael Kassner

Information is my field...Writing is my passion...Coupling the two is my mission.

Full Bio

The "why bother" comment is a little tongue in cheek, but heartfelt nevertheless.
There are still too many websites that don't work properly in Chrome.
Many will dismiss my comment/complaint as being the fault of the website developer and not Chrome's fault, but I am not so sure - and I am also not inclined to let Chrome off the hook.
As someone who has won web design awards, I appreciate how hard it is to get full browser compatibility. However, I feel that browsers like Chrome need to make it a little easier for the websiter designers/builders. Opera is another culprit and even Firefox doesn't always get it right.
Perhaps more importantly, this needs doing for the visitors who don't want to have to worry about standards and all the rest of it.

I love Chrome and would use it if Google made it more "user friendly".
For example, why don't they want people to set the cache location? Yes, I know how to set this if clicking from a link, but it doesn't work if Chrome is set as the default browser and you open a link (e.g.) from an email.
I have a fast SSD drive for my OS and want the browser cache somewhere else.....
You also can't set the download location, etc, etc. Come on Google, this is basic stuff!

has the open-source WebKit rendering engine which Google characterizes as "HTML5, CSS and JavaScript". As far as I can determine, all of the features of JavaScript as it is today are implemented in WebKit, without (of course) any regard to the threat that some of them pose to computer system security.
At the moment, I cannot recall which other browsers use WebKit, too, but if Firefox doesn't use it yet, I suspect that Firefox 4 will.
In my experience, there are far too many websites that do not work well (or completely) with anything but versions of Internet Explorer. Microsoft encourages "customization" for I.E. because they are still convinced that they must, even if they can't, seize control of the Internet with their web browser.

lately about IE and Firefox slowing way down lately. I have noticed it has sped up on both of them in my PC.
Maybe everything is being optimized for x64 PCs, even though we are talking about 32 bit browsers?
Until flash goes x64, I will not be able to use my x64 Internet Explorer 8.

it either doesn't work on standard accounts, or not at all on 64 bit PCs. Maybe in Linux it does, but FireFox runs like a top here lately on my Vista x64 system. I think I'll stick with it for a while.
I hear the 64bit beta for FireFox is already available for download! It is supposed to be released in final form in November.

I am surprised that you have not had any problems but I suppose it just depends which web sites you visit.
The problems have been around :
- buttons not working; presumably problems with the scripting
- odd page layout; different rendering from IE
- menu bar (and menu options) behaviour different (usually simply doesn't work)
- etc - I haven't catalogued the problems but usually notify Google each time
There are many sites (most) where everything works just fine, but there are too many where this is not the case.
Perhaps I'll start compiling a list and update this thread.

Well you can try it by your own:
http://www.stickypassword.com/en/support/beta-program
I've tried it and it work flawlessly. But it is not only an extension. It is the whole applications, that now supports also Chrome, but it is accessible via systray and their button in each browser.

It's messy as you have to launch it and then scan through the tabs. Why didn't Google just implement scrolling tabls like Firefox, Opera and Safari? It would have been simple and people who are enough of a power user to open more than a dozen tabs are more than able to understand about scrolling the tab bar.
I like chrome, I'm using it to write this, it works well and it's fast but I can't adopt it full-time because I'm a tabaholic. I usually have 3 to 4 windows open with a couple of hundred or more tabs open. Don't ask, I'm a black sheep :)

both my browsers - FF & IE8 were not showing the ratings on my install of Site Advisor. All I had to do was click "Advanced search" hypertext just below the Google search window, and then the [Advanced Search] button on the lower right hand corner of the resultant screen, and wallah! Everything was fixed.
So go figure on that one!! Sometimes it is something silly that is keeping the ratings displays hidden on these extensions; I pray a good Google search will solve your problem.

I've used WOT on Firefox and IE, and while the extension seems to have now installed in chrome (WOT symbol on the menu bar) by doing the install from start, all programs and removing the desktop icon, the warning WOT donuts do not appear when I google anything?? Anybody know why or how to get them to appear? Thanks.

Not sure what you mean by the User Agent string?
In any case, I checked chrome and the installed version is: 4.1.249.1036.
What I find is odd also, if I click on the desktop icon/shortcut, chrome opens in incognito mode, but if I go through start - all programs, it opens in normal mode. The desktop icon does not allow me to install the extensions, but the all programs option does?
Thoughts?

Forgive me for repeating myself, but this doesn't seem to have sunk in yet.
The "Under the bonnet" version (which apparently applies to the UK version of Chrome) does not have an option to set the download location - and is possibly missing many other options as well.....

Downloads have always been stored "outside of the sandbox" because the "sandbox" that Google Chrome creates is in memory, not on recordable media.
Sandboxie creates the sandbox on the primary hard disk drive (on my computer it is C:\Sandbox). Downloads are stored inside the sandbox, in a mirror of the actual NTFS on the destination media, and the mirror is, of course, inside the sandbox. So, if you want to keep the downloaded object, you must "recover" (retrieve) it from the sandbox before the content of the sandbox is deleted.

I guess you must be right, as I live in the UK.
Does your version have the ability to specify the download location?
Also, what are your views on the limited options Google makes available - such as not being able to specify the cache location, etc
Is there a technical reason for this? When I look at the huge number of options available for Firefox I have to wonder who is right (not that I would recommend people fiddle too much with all those options - in fact there are probably far too many available for misuse.

i just downloaded chrome and installed. I checked the options and the download location is there, right where it should be and the version i have is 5.0.375.55 all you have to do is scroll down a little